Session Memory

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent local memory skill, but some scripts insert command-line options directly into Node code, creating a local code-execution risk.

Review or patch the scripts before relying on this skill, especially if an agent may pass user-provided filter values into its commands. Use it only for local notes you are comfortable keeping in plaintext under ~/.agent-memory, avoid saving real secrets, and import memory backups only from trusted sources.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent or user runs one of these scripts with a maliciously crafted option value, it could execute local code outside the intended memory-search task.

Why it was flagged

Command-line option values are copied into a JavaScript program passed to node -e instead of being passed as data. A crafted --limit, --topic, --importance, or --since value could break the intended code context and run arbitrary Node.js code under the user's account. Similar interpolation patterns appear in other scripts such as context.sh, consolidate.sh, and export.sh.

Skill content

--limit) LIMIT="$2"; shift 2 ;;
--topic) TOPIC_FILTER="$2"; shift 2 ;;
...
const limit = $LIMIT;
const topicFilter = '$TOPIC_FILTER';
const importanceFilter = '$IMPORTANCE_FILTER';
const since = '$SINCE';

Recommendation

Patch the scripts to pass all user-controlled values through process.argv or environment variables, validate numeric options like --limit and --days, and avoid interpolating shell variables into node -e source code.

What this means

Private notes, project details, or credential-related references saved here may be shown to the agent in later sessions.

Why it was flagged

The skill intentionally stores persistent local memories and prioritizes critical entries in future session context. This is core to the skill, but it means sensitive or misleading entries can persist and influence later agent behavior.

Skill content

| `AGENT_MEMORY_DIR` | `~/.agent-memory` | Storage directory |
...
| `critical` | Credentials, blockers, urgent | Always in session context, top priority |

Recommendation

Do not store actual secrets in memory entries; store references to a vault instead, review/delete stale or untrusted entries, and import backups only from trusted sources.